12 November 2012 – The OASIS international consortium has launched the Cloud Application Management for Platforms (CAMP) Technical Committee, a project to define the interoperability standard for managing applications in Platform as a Service (PaaS) environments. CAMP will leverage similarities between commercial and open-source PaaS products to produce a simple API that is language-, framework-, and platform-agnostic. Using CAMP, companies will be able to migrate their cloud applications from one PaaS vendor to another by mapping the requirements of applications to the specific capabilities of the underlying platform.

"Companies are starting to experiment with PaaS, but even as they do, it becomes clear that varia-tions between the vendors' application interfaces will make it hard to move applications from plat-form to platform. That looks a lot like vendor lock-in, and it's putting customers off," said Rachel Chalmers, VP of Research at The 451 Group. "It is encouraging to see that this issue has been grasped by the vendor community and is being addressed within the OASIS framework."

"CAMP’s goal is to define a simple standard RESTful API along with a JSON-based protocol, with an extensibility framework that enables interoperability across multiple vendors' offerings. Using CAMP, users can manage their application lifecycles and move applications between clouds easily," said Martin Chapman of Oracle, chair of the OASIS CAMP Technical Committee. "We expect CAMP to foster an ecosystem of common tools, plugins, libraries and frameworks, which will allow vendors to offer greater value-add."

Work on CAMP was initiated in late 2010 by a group of seven companies, Oracle, Red Hat, Rack-space, Cloudsoft, Huawei, CloudBees, and Software AG. They transitioned the project to OASIS in order to ensure CAMP would benefit from broad industry participation in an open, collaborative setting.

"CAMP is one of several new Cloud standardization projects at OASIS that make use of JSON and REST," noted Laurent Liscia, OASIS executive director and CEO. "We see the standardization of CAMP as an important step in guiding the industry into an ecosystem of interoperable and portable cloud systems."

The CAMP Technical Committee is open to all interested parties, and new members are encouraged to join at any time. Archives of the work are accessible to both members and non-members, and OASIS invites public review and comment on the work.

Support for CAMP

Cloudsoft"Enterprises are getting serious about hybrid cloud computing – combining their on-premise capability with cloud service provider offerings. Enterprises are also zeroing in on PaaS – cloud middleware if you will – as the most effective way of exploiting cloud. However, to de-risk their hybrid cloud strategy and avoid PaaS lock-in, they view genuine multi-cloud support as absolutely essential and the work of the OASIS CAMP TC as critical, since cloud-agnostic application management is the key to cloud interoperability."
-- Duncan Johnston-Watt, CEO

JumpSoft
"Organizations clearly desire better cloud portability, usability and interoperability for PaaS environments. JumpSoft is committed to supporting open standards in our application management products. CAMP provides a standard API for cloud application management solutions to ensure customers will have a choice in their cloud technology and services."
-- David Sawyer, CEO

Oracle
"As part of the OASIS Technical Committee for CAMP, Oracle looks forward to continuing to help define a simple REST-based approach for management of cloud-based applications. In addition, CAMP can provide a framework for extensibility to support the evolution of products, while enabling portability across clouds and compatibility with PaaS-aware and PaaS-unaware application development environments."
-- Jeff Mischkinsky, senior director, Oracle Fusion Middleware

Software AG"As a Sponsor member of OASIS, Software AG welcomes the formation of the CAMP Technical Committee. As a co-author of the CAMP specification, we hope our contributions to this TC effort will serve to advance CAMP as a standard that is broadly adopted, enabling interoperability between vendor products while offering increased choice for customers. We are excited about the emerging standards efforts in the Cloud space, that is expected to transform the way business is done in the future."
-- Prasad Yendluri, VP & Deputy CTO

Standing Cloud
"Standing Cloud is committed to helping cloud customers avoid lock-in, so that they can leverage the cloud without limiting their future options. Industry standards are the most powerful way to ensure this flexibility for the long term, and we are enthusiastic about our participation in the OASIS CAMP Technical Committee to help realize that vision."
-- David J. Jilk, CEO

OASIS (Organization for the Advancement of Structured Information Standards) is a not-for-profit, international consortium that drives the development, convergence and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for cloud computing, content technologies, business transactions, security, privacy, SOA, the Smart Grid, emergency management, and other applications. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 100 countries.

Connect with OASIS

News by Year

Related links

Testimonials

Cybersecurity is one of the greatest challenges our modern society faces and requires a coordinated approach to succeed. Under OASIS leadership, we see an opportunity to better organize the good guys to fight cybercriminals by sharing cyber threat intelligence data in an automated and efficient data standard.

As a Sponsor of the OASIS CTI Technical Committee, we are delighted to be at the forefront of advancing critically important standards like STIX, TAXII and CybOX. By creating protocols that address how to best model, analyze, and share cyber threat intelligence, we can provide greater support to overwhelmed security professionals.

Soltra is proud to be a member of the OASIS CTI Technical Committee. Our threat information sharing solution, Soltra Edge, was built leveraging STIX, TAXII, and Cybox – key standards within the industry. We look forward to contributing to CTI as we continue to establish and maintain open standards, while improving cyber security capabilities and reducing workload.

Open standards and community sharing are vital components of a successful and effective fight against cybercrime. Our goal is to make Threat Intelligence, from a variety of sources, timely and actionable.

Focusing on standardizing threat intelligence technologies to keep sensitive government and corporate information secure is paramount to the mission of OASIS and its members. At ViaSat, we take a comprehensive approach to cybersecurity, from identifying potential cyber and physical security vulnerabilities to designing and implementing a plan that leverages big data analytics, intuitive visualization and intelligent automation to keep pace with evolving threats no matter where data resides on the network or how it is accessed.

iSIGHT Partners, creator of the commercial cyber threat intelligence category, understands how security organizations can gain the advantage over adversaries by using threat intelligence across their security and risk management program. As an early contributor and enabler of STIX, we welcome the opportunity to join with OASIS to further develop CTI standards and accelerate the adoption of context rich threat intelligence.

At OASIS, you don't have to be a large vendor to influence work. Of all the standards bodies we’ve participated in, OASIS is the only one we recommend with no hesitation. It is a group that simply works.

We are proud to support the work OASIS is doing to advance their cybersecurity specifications and promote information sharing, a critical factor in today's security posture. By sharing details about malicious incidents quickly, not only between the public and private sectors, but across industry lines within the private sector as well, we can work together to better defend ourselves and stay ahead of the hackers.

STIX and TAXII in particular are important initiatives towards next generation threat intelligence. Using the same terms, data streams, and threat modeling methods will help researchers, vendors, and law enforcement alike share information back and forth to stay abreast or even ahead of threat actor groups. We are pleased to contribute to this and more through OASIS.

We have long been committed to any advances that can better enable the sharing of threat intelligence among security professionals. Until now, organizations have been hampered by a lack of common standards and the tendency for security information to be siloed. We strongly support this important endeavor and look forward to contributing to the standardization being led by OASIS.

NEC is very pleased to be part of the CTI Technical Committee and continues to drive CTI adoption with industry partnerships to benefit customers. NEC believes that threat intelligence standards are crucial for proactively countering the cyber threat. We are excited about the formation of CTI TC and support its efforts through its contributing to and promotion of this global standard.

We have been advocates of STIX, TAXII and CybOx for some time. OASIS as an international standards checkpoint will undoubtedly improve threat intelligence sharing amongst partners by facilitating the exchange of computer-readable threat information.

Development of an industry-wide standards framework for cyber threat intelligence is crucial for the information security industry to be able to define and share threats. New Context is a proud sponsor of OASIS and believes strongly in open and transparent standards frameworks development. We look forward to collaborating on the next standards for STIX, CybOX and TAXII.

I always encourage vendors with products related to access control, security, or cloud computing to join the appropriate OASIS Technical Committees and contribute to the standards work. We all benefit that way.